“We would certainly like to see how GDPR settles before you try and lock down the text of ePrivacy.” That was the simple advice from Bruce Gustafson, Alliance CEO, on the timing of the ePrivacy debate in Brussels.

Gustafson was one of several industry leaders that spoke with the National Journal’s Brendan Bordelon for a piece titled “Tech Firms Brace for Salvo of European Privacy Rules”. The Journal’s take on GDPR and ePrivacy from its interviews: “...a one-two punch that could upend established business models, inadvertently frustrate consumers, and stifle innovation in both Europe and the United States.”

The European legislation is part of a trend Gustafson is highlighting as the EU seeks to export its take on privacy to a US market lacking its own regulations.

"We need to try to figure out how to deal with privacy in the U.S.,” Gustafson said. “Because if we don’t, we’re going to be operating under a European regime, which in a lot of ways is inconsistent with what the Constitution would provide here.”

The European Parliamentary Research Service (EPRS) recently published a study on the app economy showcasing its success and the profound societal impact that it has had in terms of making people’s lives better (read our overview). Considering this study, EU40 organised a working breakfast on this timely topic bringing together top experts in the sector, who will shared their insights.

On the heels of the EU’s General Data Protection Regulation, Europe is gearing up for its next big privacy push, this time taking aim at data collection within messaging apps. But critics contend the proposed law goes too far, potentially stifling innovation and hurting profits.

OWI Insight: The EU is trying to walk a fine line with GDPR and ePR, ensuring consumer protection without stifling development of new technology and hurting businesses across Europe. There is one catch, though: It’s a bit easier for the EU to take these risks, because, as The Financial Timesnotes, the bulk of innovation in the tech sector is coming from China and North America. It is telling that many of the heaviest hitters opposing ePR in the Developers Alliance are American companies from Silicon Valley. With the dust from GDPR yet to settle, and apparent infighting at the Council of the European Union over ePR, don’t be surprised if the new law encounters further delays and doesn’t take effect by its targeted deadline of early 2019.

“The ENCRYPT Act was a great idea in 2016 and it’s an even better one now. Earning the trust and confidence of users is the Software Developer community’s highest priority, and strong encryption is the best way to ensure the privacy and security of user data. There is no such thing as a secure back door; the worst possible future is a patchwork of rules and prohibitions and a ring full of skeleton keys held by every agency and official across 50 states and an untold number of foreign governments. The ENCRYPT Act unambiguously places the Federal Government as the front-line defender of U.S. data security and we strongly support Congressmen Lieu (D-CA), Jim Jordan (R-OH), Suzan DelBene (D-WA), and all co-sponsors for their vision in bringing this legislation forward. Establishing the United States as the global champion of strong encryption is a critical step in securing the nation's ongoing leadership in innovation and entrepreneurship"

“Any discussion of encryption and law enforcement access to data needs to happen at the federal level. As a computer science major, I can tell you that having 50 different mandatory state-level encryption standards is bad for security, consumers, innovation, and ultimately law enforcement. Encryption exists to protect us from bad actors, and can’t be weakened without also putting every American in harm’s way. I am proud to lead this bipartisan group of Members who understand this is an issue of interstate commerce and economic security as well as cybersecurity. The ENCRYPT Act ensures we can have a national discussion about encryption without compromising consumers’ security in the process.”

Upon introduction, Mr. Bishop writes:

“The safety of our nation is the number one priority for this Congress, and establishing a pathway for decryption would create new vulnerabilities to be exploited by bad actors. To better protect our information from cyber threats, whether it deals with our nation’s security, commerce or personal data, we need a unified policy. The ENCRPYT Act is a critical first step in adopting a national approach – instead of the patchwork of encryption standards that our tech industry and law enforcement face today.”

Upon introduction, Ms. DelBene writes:

“Our goal needs to be keeping people’s personal information secure. When 50 states have different laws on encryption, it undermines our efforts to protect innocent Americans from bad actors who are looking to snatch personal data for their own nefarious uses. This legislation strengthens our national security, while ensuring that people’s privacy is protected and advances in technology can continue to flourish.”

Upon introduction, Mr. Jordan writes:

“We know federal agencies have abused warrantless surveillance in the past. The current patchwork system for encryption makes it easier for further abuses of the system and increases the problem by creating potential opportunities for abuse by 3rd party actors. By creating a unified approach to encryption, we can protect security and privacy while allowing law enforcement to continue keeping us safe. Today’s introduction of the ENCYPT Act is an important step in the right direction.”

Support for the ENCRYPT Act:

The App Association President Morgan Reed:

“On behalf of app developers and tech innovators across the country and around the world, we can attest to the value of encryption technologies to protect data and prevent crimes. The App Association is proud to support the ENCRYPT Act, and we commend Representatives Lieu, Bishop, DelBene, and Jordan for their leadership in reintroducing this timely bill.

"The ENCRYPT Act is a necessary step to ensure Americans can use encrypted technologies to protect themselves and their data, regardless of where they live. Encryption protects our most valuable information from nefarious cyber criminals – securing everything from private healthcare data to financial transactions, proprietary business information to the countless interactions that occur throughout the $950 billion global app ecosystem. Weakening encryption through a patchwork of conflicting state policies would jeopardize this protection and create known vulnerabilities that hackers seek to exploit. This legislation establishes national guidelines for the interstate use of encrypted technology and protects the data that drives our local economies and the app economy at large, and we urge Congress to advance these important measures through swift consideration of this important bill."

ITI:

“Encryption is vital to securing consumers’ private information and protecting them from Cybercriminals. With that said, the level of protection consumers experience should not be determined by the state in which they live. State mandates that either ban strong encryption technology, or require the design of intentional vulnerabilities, are untenable from both a security and policy standpoint. ITI commends Reps. Ted Lieu, Suzan DelBene, Mike Bishop, and Jim Jordan for their leadership on the ENCRYPT Act.”

Developers Alliance President/CEO Bruce Gustafson:

“The ENCRYPT Act was a great idea in 2016 and it’s an even better one now. Earning the trust and confidence of users is the Software Developer community’s highest priority, and strong encryption is the best way to ensure the privacy and security of user data. There is no such thing as a secure back door; the worst possible future is a patchwork of rules and prohibitions and a ring full of skeleton keys held by every agency and official across 50 states and an untold number of foreign governments. The ENCRYPT Act unambiguously places the Federal Government as the front-line defender of U.S. data security and we strongly support Congressmen Lieu (D-CA), Jim Jordan (R-OH), Suzan DelBene (D-WA), and all co-sponsors for their vision in bringing this legislation forward. Establishing the United States as the global champion of strong encryption is a critical step in securing the nation's ongoing leadership in innovation and entrepreneurship"

New America’s Open Technology Institute Policy Counsel and Government Affairs Lead Robyn Greene:

“Despite a wave of news stories and an Inspector General report showing that encryption is not the insurmountable obstacle that the FBI, prosecutors, and state and local police claim, the second Crypto War is unrelenting. Law enforcement has lost credibility in this debate, and Congress should reject their continuing calls for legislation to help them break encryption. We welcome the introduction of the ENCRYPT Act as a step toward putting this endless debate over encryption backdoors to bed once and for all.”

Engine Executive Director Evan Engstrom:

“We applaud the authors of the ENCRYPT Act for working to prevent state and local governments from forcing companies to intentionally weaken the security of their products and services. Undermining encryption would be especially devastating for startups and their users, since they typically lack the resources necessary to protect unencrypted user information. Internet users rely on encryption-enabled startups every day to do things like communicate with loved ones, protect connected devices, and store and share sensitive health, banking, and business information. Weakening encryption will harm those startups and put their users’ sensitive information at risk.”

IA President & CEO Michael Beckerman:

"The internet industry applauds Rep. Ted Lieu, Rep. Jim Jordan, Rep. Susan DelBene, and Rep. Mike Bishop for reintroducing the ENCRYPT Act. Weakening encryption by requiring companies to engineer vulnerabilities into their devices and services makes us all less safe and less secure. Encryption protects our country from countless threats to the financial system, sensitive infrastructure, and individual privacy. The ENCRYPT Act recognizes the importance of encryption to our national security and daily lives."

Last week, dozens of American-based media and Internet companies went dark for 500 million citizens of the European Union. The culprit? The E.U.’s General Data Protection Regulation (known as G.D.P.R.), which forces companies to adhere to certain guidelines when it comes to the use and storage of people’s data. The law is already causing panic in Europe: in addition to the blackout, tech giants have been hit with multi-billion-dollar complaints filed by European privacy advocates, and programmatic ad buying has plummeted. But the E.U. is on the verge of an even more dire privacy crisis, which could provide a chilling preview of Silicon Valley’s fate should the U.S. choose to follow in its footsteps.

By Natasha SingerOriginally published in The New York Times on May 27, 2018

The new European data privacy legislation is so stringent that it could kill off data-driven online services and chill innovations like driverless cars, tech industry groups warn.

The American Chamber of Commerce to the European Union called the legislation “overly strict.” The Developers Alliance, a trade group representing Facebook, Google, Intel and dozens of app makers, said it could cost businesses in Europe more than 550 billion euros, or about $640 billion, in annual lost revenue. And DigitalEurope, another tech trade group, said the legislation’s prohibitive approach “seriously underminesthe development of Europe’s digital economy.”

New GDPR regulations on personal data will affect even individual codersBy Jeremy Hsu

On 25 May, enforcement will begin of the European Union’s General Data Protection Regulation (GDPR): a law covering any organization anywhere in the world that handles the personal data of EU residents. Many individual developers and small-business owners will need to make sure that their applications, services, and websites comply with the GDPR, even if they do not live in EU countries.

The GDPR aims to give Europeans a clear understanding of who has their personal data and more control over its use. This means organizations must be much more disciplined about capturing and using personal data. “You need to be able to produce, delete, and audit the data easily,” says Michela Palladino, director of European policy and government relations for the nonprofit Developers Alliance.

Without interoperable software, the future and growth opportunity of the Internet of Things is diminished and may be even in doubt, along with the thousands of companies and millions of developers working on IoT projects. If a handful of companies can control the keys to device and software interoperability, we can be certain of slower growth, higher consumer costs, and lost opportunities for entrepreneurs and innovators.